The self-regulatory inspection of South Korean cryptocurrency exchanges is complete. Fourteen out of 23 exchanges agreed to be inspected. Twelve met the self-regulatory standards despite security flaws, raising questions of how effective the inspection is.

12 Exchanges Pass Security Checks

The Korea Blockchain Association (KBA) held a press conference Wednesday to announce the results of its inspection of cryptocurrency exchanges operating in the country. The Association “gave a nod to the cybersecurity standards of 12 cryptocurrency exchanges,” the Korea Herald reported.

The KBA has been heavily promoting self-regulation since its establishment last year. Out of 23 members that are crypto exchanges, 14 of them voluntarily agreed to be inspected. According to the news outlet:

Exchanges that gained self-regulatory affirmation were 12 out of 14: Dexko, Hanbitco, Okcoin Korea, Huobi Korea, Bithumb, Upbit, Neoframe, Gopax, Cpdax, Coinzest, Korbit and Coinone. Operators of the other two — Sunny7 and Komid — withdrew from the KBA-led inspection.

The inspection was conducted “through interviews by third-party experts authorized by KBA in June and July,” the publication noted, emphasizing that a “hacking simulation on the exchanges did not take place.”

Nonetheless, the association said the 12 exchanges met “general standards” such as “minimum total assets, adoption of a cold wallet, anti-money laundering requirements and dozens more.” They also met “the criteria for cybersecurity standards, which the association referred to as minimum requirements.”

Association Criticized for Poor Screening

Following the KBA’s announcement, some industry participants pointed out major flaws in the inspection.

The association has come “under fire for poor screening of cryptocurrency exchanges,” the Korea Times wrote, emphasizing that “the KBA even extended its one-month inspection to two months to allow sufficient time for underprepared exchanges, inviting criticism for carrying out an inspection in name only.”

Furthermore, “It is pointed out that even though hacking incidents at virtual currency trading sites have occurred recently, all trading sites have passed the screening,” Money Today wrote, suggesting that the inspection was ineffective. Last month, Coinrail and Bithumb were hacked.

The news outlet quoted an industry source asserting, “it is doubtful that all of them have passed [the inspection],” noting that “the fact that the scores of the detailed evaluation items are not disclosed for each trading site is also a cause of doubt in the examination results.” The Korea Times elaborated:

The KBA did not disclose a detailed score or security rating of each cryptocurrency exchange, casting doubt about the fairness of the inspection. The KBA said the disclosure could trigger another cyberattack on domestic exchanges with weaker security firewalls.

The chairman of the association, Jeon Ha-jin, even “indirectly admitted the group’s inspection may have loopholes,” according to the news outlet.

He was quoted explaining, “This inspection does not guarantee the absolute safety of the 12 exchanges,” noting that “The result indicates the 12 exchanges satisfy the minimum requirement for their operations. It is like a driver’s license. It is hard to tell whether they are good drivers or not.”

The chairman also declined to elaborate on a “huge gap in the level of handling cybersecurity risks between the 12 exchanges,” the Korea Herald conveyed.

The announcement by KBA came just days after the Korean government revealed its analysis of hacking incidents in the country. The government has been criticized for not doing enough to prevent hacking damages since three of the 31 exchanges it inspected were hacked, causing damages of about 110 billion won (~US$98 million).

What do you think of this self-regulatory inspection and standards? Let us know in the comments section below.